CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

PT-2026-44540

Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...

Vulnerabilities Resolved in Veeam Backup & Replication 13.0.1.2067

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 13.0.1.2067. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...

Improper Encoding or Escaping of Output

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the script generation process in Windows deployments due to improper handling of command-line arguments in gateway.cmd. An attacker can execute...

CVE-2025-40541

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2025-40540 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

PT-2026-21671

Name of the Vulnerable Software and Affected Versions Serv-U versions 15.5.3 and earlier Description An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U. Exploitation of this issue allows a malicious actor to execute native code as a privileged account. This requires...

Veeam Backup & Replication Platform Migration Guide (Windows to Linux)

Article Applicability This article is related to a new capability to migrate the configuration of a Windows-based Veeam Backup & Replication deployment to a Veeam Software Appliance. Due to the variability in how Veeam Backup & Replication can be used, configured, and deployed, and the complexity...

CVE-2026-0386

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-0386

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-0386

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-0386

CVE-2026-0386 : Windows Deployment Services has an improper access control vulnerability that can allow an adjacent-network attacker to execute code remotely. This entry is supported by multiple sources confirming the issue and indicating Microsoft has released January 2026 security updates to ad...

CVE-2026-0386

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network...